Overview

overview

7

Static

static

3

707a7e21df...18.exe

windows7-x64

3

707a7e21df...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    73s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    25/07/2024, 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $FAVORITES/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$FAVORITES\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:448
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d79939318113be1138344201cd59da9

    SHA1

    f411162efe427e7d7efa09f109f40a4187e8958a

    SHA256

    a64082a958af92936ba6013edfc861e5cc52d00c74394723e3917a286ad7d111

    SHA512

    23fe30ce444e60d2d0b6c6acc79aa067a192711a02ff7aee2145b336532478a1ed5ae46a08c95151af50a4c6639c0224360d40a44cd3058fdb2608fd416bcf7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    615634ae4417750d1e625a9515504c94

    SHA1

    f881b07a5ae37428e4c998ac0c383511eafb1cf4

    SHA256

    c2a9f19f6e7382b44c2f68188b79a8b8a224a14bbe727bcb8483195afa8f6918

    SHA512

    0296aeb13d39e5aa9036b9201816e70a59cc2d5ba4d5236ae9c2bd5fcd872fa80c2b750c7b5b0d91cf31c63b88426df0b2d498a3917acff1a07ee3cd0b0e270f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05f704434d326ae5a7275f6cc91e226a

    SHA1

    4f62cc0d176dc2f8dcac623383a2223d2e857a43

    SHA256

    809c0c0030e8b1fe91a84ebc87d0388afabb51c9e4eff936a1b1042c4c612de3

    SHA512

    95721a537a8a51e35c7ecbd1fd308266ccd2b49f36dd8b401a8b8097c517acee6381d226d6f2232f0a4cf25d8d6535f01108ce775b9321c221c7c13630d19604

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86a67b07221c4d06435ab8e8dff48e45

    SHA1

    d4fb0dae43a6feaf7256c83fcdba73013ebe8cd8

    SHA256

    66a7ab5e9c94c660ba091475b42a744dd2fc29464a2507c3e0300c6df0fd81bf

    SHA512

    c64af43d2da2b210db295cc58dc2b151772f61a567082c9674d840cada2a973a56c74742c7c7c26b941bb470f3ba892cae7f04c183defadb289e6b9a10d588fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7df5978ffcc06f8088182eafc2d4ef8

    SHA1

    06edd8f6cac788afad2e156b041ace6962bbea24

    SHA256

    69d870b85bece9ee846cb8667652aa59bdd8e7070bf6947b2c0287c326489dfb

    SHA512

    6e97fbf888fc65b4bfe5d5b0a41d61716d054f19b9bb39ec73ebc27074a7cf74ba63b7be00f474dc25886a75c0401259f0df65e9751694528148241e00dbe863

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e68781f159f553996474c9c76cd4197a

    SHA1

    49474c80953916e009197821e98d79468662b797

    SHA256

    55f9d330550c93fbb4fa150e268314632509b286e7ea6ec4260564291b3bbafd

    SHA512

    b7b78d8930047e2cc4dbf426a5b90b44d1b44cfeb22227a531733ca3ed0ea3df5fdc8d7458601a7271ca09ee53c5c3e4106ac0360ccece4860b6bde21f35b32a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f25a8db9fb7d051649ba4ecbdacc87fe

    SHA1

    5656651c92454b22d9399dbe767c9738db2693ca

    SHA256

    ccd74f9ad45691a2fd709e9e71ba425392bac6b51c67a7bf98f503ab4b290543

    SHA512

    f4a0e1671869117cb292dcc55643d0b75238162885233abde7ab7ae8c2189e0af741cec6bba747a19f128394dc4f76a29943bf3b7dda6cc2810b1b8b274d3b87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e271c3fa512b6fbb1b2529965f0c276

    SHA1

    5556ba44e6db66e76649c4b7ab619e42a021c121

    SHA256

    2c2962b64d60f216405b99c4118a84205468e78368704ff4614c08d072ab24f5

    SHA512

    d33e229bd0ad5b5243c8df812d5b7eedde63a1fcd155b664cda3877e14984fec47e7678bfa2b2271fa45efb65016c8d6b5929233e234c0b37d0d0619b18f7f42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3e12ee6378b4ceddce51d7135be86de

    SHA1

    8c172010b25e656c4c7af2d99876f7c238fab0f4

    SHA256

    eb34236001a647ce803c5d07f89a80d9b29afe28df0fc0aa4e0f6394e9b3aa3c

    SHA512

    070830bd2719f70b0a2a6ef4191814ca07e2075778e534ffd8da2d84a762f15733e2a8905d0b551abe48dd21994404e06a5ab5c503c22529c77ded32905e7b19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca003bb7e60020aa1c2b4d985ebf37d7

    SHA1

    e10cd7e5eabf0ffb4e2db139b898d16bb704ffc1

    SHA256

    3c726c8d1b9878f37f9f3bf5d451369c180326bb783a9bdc9f226b283466e652

    SHA512

    6b81a97f81b11a83e25476dda33aac85fd84f1b25c1b56aff8928f2dbd3a14d52a7a2be56dc75884cc14c7aea72f8042b0981e0d8f430130e68992d9685f3449

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d700c6ab9a87d079790e040f291321a4

    SHA1

    09979e77a3530f0b406dfa115683ce7c8a687ae2

    SHA256

    88d35edf85ef9ac5b95e046bf3ba182803e09fcc70f33f0e56f08f854e40eb7c

    SHA512

    7377836156eabce5d3d9a84213f768914b4cae7cc9b4afcdc64e31f78c99816ddb867c8bb71e71062c2ac56019a05185be3278a376efddce64c79a571ba90fcc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10b72d5286b8533cd5ba65a533eaac8f

    SHA1

    511cb7caf3693814c9345a4ded3fa462ba17d00b

    SHA256

    cdc9208ea9b99faf3c7af2f132e9b8bd0aa56ff9252697b5be03e5df0716e274

    SHA512

    c09990b0210cc0ccb88dadf14698af69caff1afb348e3ecdbf21b50681b70ee986c2e7bb49dc6a5be675b75efc0f7ca3313d24512f6bdcfca30aae68105e2d77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    149c0b82f8c6e3a25818cd6676093977

    SHA1

    6bbd9193e57065b88d6941b3726fa3a399a6d651

    SHA256

    2d03d15691a44b49006122c308fd462bf661e218062a333913322ccfd30a6a33

    SHA512

    959ad01672a370fe3d658918df99ed1548c9a20d3096fe8488152cddddd87fbfdf631e816b8e3567fabca9f556015fdbb89deae66c3b4fcb2b0bc07878398360

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9d26b1a3c5c045026eb6b58aba82811

    SHA1

    4da714d84ccd473b3b13e25c3244cb4eb2b97aea

    SHA256

    f0c3cbc7d236e0c641877a54c4371d63d7c9096e6b49ca06fae9ba4327661533

    SHA512

    efe394c5937a57b79e922ff056fab92da47add9e8584f3adbba4603308a43a1ac946558eb9eedd2bcccae199d96b70a4c6655bc40c16614ed1fd865e4d171225

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    124623b7c42d1b2392e5a75f315f5be3

    SHA1

    5b07bd463f191e37e7bb21aa0e913959b64e5d72

    SHA256

    ebfd3f147c7fb03fe3d59b9ebbd6f8b109c6f31a67222f3290ad9dc552f479f3

    SHA512

    fcd13eafbb0d8616cfd2bfe11cdd9ada25df8ea7e117f82f7a5eff3b3d8f7f6c26ee15accfc5495ce145773552834234351ab7be243bfeea6f5525e1128857c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1508af6144446b0eaba4acaf9d827fd

    SHA1

    e894722cd1746cef2415f58526a83f0f86b51fe3

    SHA256

    207d80285490d5e6685c92588cc74b81f59cc831a5397a288d60b2fd7a6cd1d6

    SHA512

    04ff3b9cd37bef27348f4b7e65c3524b2725e75fa554d2746bfe3d5596dc0d9c18615a3ec22ec65d754ee23968d973aef65491b01914da38b60640db052b0aac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3bf2e566b8c637677a3edb74de159f1

    SHA1

    f9ed3332f6c405cabb34af19facfc453a50744af

    SHA256

    5e3b4a0a871e6b58fc9f9f40c1f8a3ec66647ab65f2ab0e37301d53725a0ba78

    SHA512

    fe71f14deeed908c201931cc246c394f0429955018e235f1abe63cef1cbea2bcd9f72664e1f883b49f65a549483c2acf7af5850dc9fa35679d9c0325982e0f5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbd3813bea54238ff090a6bb8ad7b413

    SHA1

    07e49ab38018bb4a92b3829ac62c53ee5211fc87

    SHA256

    b3ddbfc4fba107b2952ae9ba0ae31cedbea7f853f75af3e5c4ba593f8f242c47

    SHA512

    151630e33c5e45db85acec5fa3001c7ca1272fe4fe5f81c8d9cb4cc6d014e2b951b657df83288d5b711fe45818800b4bad69b86d11a4c7ece87daef93a69c59a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17175f9f969959283918ce555ba76a75

    SHA1

    fba73d845ac2ff952fb2ae47f251ce7d040ca519

    SHA256

    d599ad3d2023ad5df80a3aadc174d120f3e2172c8191a7190da6cfd40e1a1431

    SHA512

    20663b1639c10f1050398e3e2fbf5d4f17d062561b31175ed42a83dbbca780a4140d66a8daf8fe61c5c74572947f90f859f19d09c72be6c4b6e515bc643d30cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB3B8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB457.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit